CVE-2011-4301 Information

Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
http://moodle.org/mod/forum/discuss.php?d=188313
https://bugzilla.redhat.com/show_bug.cgi?id=747444
